Employers and advertisers have used profiling for decades to target specific individuals for specific job functions, products, or services. Recently, there has been an increasing unease regarding the use of such psychological tools, especially with respect to liability exposure and invasion of privacy considerations. In a Harris telephone survey conducted in March 2000, a majority of the 1,014 adult respondents felt uncomfortable having information tracked in a Web site or their user profile linked to their real identity or to other third party databases. This is because user profiles are typically bought by marketing companies to enable such companies to target (targeted marketing) these users (potential customers), such as by sending them emails or brochures about their products and/or services, with or without the users' consent. (Users and individuals herein are used interchangeably).
Targeted marketing employs information about the user. Internet service providers (ISPs), for example, monitor users (who are logged into their proprietary system or Web site) and their real identity, enabling them to create a user profile for each user based on the actions of the user within the system, as well as the characteristics of the users (e.g., based on the type of advertisements clicked, type of articles read, the hyperlinks selected, the gender of the user, resident zip code of the user, responses to surveys, and the like). The user profile is then used to enable the ISP, advertiser, and/or other third parties to display advertisements, articles, and other information that would likely interest that particular user. The underlying problem is that matching is done to induce the user into participating in a transaction, at which point the user's name, address, credit card or other personally identifiable information is solicited in order to complete the transaction and have the product or service delivered to the individual. Thus, a profile can be linked to the user's real identity post facto, since the entire sequence of events (profiling, selective presentation, transaction) occurs within a single open network. An ISP, moreover, can determine a user's real identity by looking into its database. This is particularly true since ISPs do not have a separate system (e.g., different databases) to handle transactions that could protect the user's real identity (e.g., subscription sign-up or purchase transactions). Hence, the problem with such systems is that the user's identity is linked to the user's profile, and ISPs or other parties collecting, creating, or maintaining user profiles may sell such information with or without the user's consent. Thus, there is a need for a system where an individual's real identity is uncoupled or separated from the individual's user profile at all times, thereby protecting the user's privacy.
Targeted marketing, however, is beneficial both to users and to third parties (e.g., vendors) to enable more efficient matching of products and/or services. Thus, a way to reconcile the need for efficient matching with an individual's desire not to have personal sensitive information be collected and, potentially, misused is desired. A system where the real identity of an individual is never known would alleviate such privacy concerns.
Several patents address anonymous transactions, i.e., transactions protecting individual's privacy, such that the individual's personal information is protected from disclosure to unauthorized parties. For example, U.S. Pat. No. 6,128,663, issued Oct. 3, 2000, titled “Method and Apparatus for Customization of Information Content Provided to a Requestor Over a Network Using Demographic Information Yet the User Remains Anonymous to the Server,” teaches a system which obtains demographic information about a computer user, transmits the demographic information to other content servers on the network, whereby the various content servers can supply customized banner ads or customized web page content to a user based upon the demographic profile of the user. The demographic profile includes demographic information such as sex, marital status, age, salary, children, job type, city & state of residence, political affiliation, etc., as well as other user preference information. However, the patent teaches that this demographic profile would provide privacy to the user because these various web servers visited by the user would not be provided with personal information about the user such as name, address and phone number. However, the use of this system is explicitly intended to result in a sale or other transaction during which the user's real identity must be disclosed (for shipping the product, or charging a credit card) such that the profile can be linked to the identity post facto. This is an explicit possibility whenever the profiling and the ensuing transaction occur within the same open network, such as the world wide web.
No presently known patents or other documents, however, addresses the profiling of anonymous individuals, i.e., individuals whose real identity is unknown, creating and maintaining user profiles for anonymous individuals for privacy concerns and targeted marketing, or having a system unaware of the user's real identity at any time, even after a transaction is consummated.
Any conventional online transaction requires disclosure of user identity at the time that money changes hands. It is relatively simple for a vendor to take credit card information, for example, and match it to an individual's data (such as financial data, social security number, and so on) stored in third party databases. Marketing of products has traditionally involved a seamless combination of marketing activity (such as displaying an advertisement) and the purchasing transaction.
With the advent of online profiling methodologies, targeted marketing of products online has reached new proportions. Vendors will typically generate and store profiles of customers, with full knowledge of their real-world identities. Even in cases where the user's identity is not initially known, the general purpose is to make a sale—at which juncture, the user's real identity becomes known to the system.
Prior to this invention, no barrier has ever been erected between private or anonymous profiling followed by presentation of selected information (on the one hand) and the identity-disclosing purchasing transaction (on the other hand).
U.S. Pat. No. 6,006,200, for example, issued to Boles et al., teaches a method of protecting a user's address and, optionally, the user's name when ordering products. The user's address and name are stored by a trusted provider, typically a shipper, which has an agreement with the user to not sell its database to outside marketing organizations. The shipper assigns a unique identifier to each user. Every time a user wants to purchase a product from a vendor, the user merely indicates the user's unique identifier as the shipping address. The vendor then sends the product to the shipper with the user's unique identifier. The user's shipping address and name are then retrieved from the trusted provider's database and the product is shipped accordingly without the vendor ever knowing the user's real address and/or name. This system requires at least one party in the marketing transaction to know the user's real identity. More importantly, this system does not provide for the cash transaction, which typically precedes shipping, and during which the user is generally required to disclose identity. The party making the sale will likely gain access to the user's identity (for example, through their credit card number). Thus, protecting identity during shipping offers limited protection of a user's privacy.
U.S. Pat. No. 6,055,510, issued to Henrick et al., teaches a method for enabling targeted marketing of users while maintaining the user's privacy. The patent takes advantage of the knowledge, for example, of an Internet Service Provider (ISP), by having such ISP create lists of users with common interest. The system sends to such users emails containing advertisement information and a hyperlink to the advertiser's Web site. Only when a user selects the hyperlink is the user's real identity disclosed to the advertiser. In this method, the user's identity and profile are known to the ISP, thus offering no protection of a user's privacy (from the ISP).
The patents discussed above, moreover, disclose a method where both the user's real identity and profile are, or become known by at least one system or party in the invention.
From the discussion above, it should be apparent that there is a need for a system that creates and maintains a user profile of an individual without associating that profile to the individual's real identity at any time. Furthermore, such a profile should be useful in marketing products and services to the individual, without the system ever knowing the individual's real identity.